Workforce issues are the “most foundational problem” for much of the sector, said Josh Corman, co-founder of the device cybersecurity advocacy group I Am The Cavalry and member of the task force. While all industries are bracing for a cybersecurity talent crunch, healthcare faces a few unique problems.

“It’s not just that small- and medium-sized businesses lack funding to incentivize talent. It’s not just the growing lack of talent or encouraging people to go to rural locations. It’s all of them,” Corman said.

Though the Health Insurance Portability and Accountability Act requires healthcare offices to designate an employee in charge of information privacy, many of those designees have no training in cybersecurity. Some offices only employ staff in the single digits, meaning that hiring a new full-time worker to handle information security would be an untenable investment.

The challenge, said Corman, is to scale existing talent while working toward more complete security staffing.

One of the report’s more counterintuitive suggestions targets scaling this kind of talent by amending anti-kickback laws that could prevent a larger healthcare provider from sharing security software or resources with smaller offices.

Workforce is such a foundational problem because many of the common-sense solutions that the panel suggests cannot take flight without a trained person to lead them.

The recommendations include things like security assessments using National Institute of Standards and Technology guidelines that would be beyond the reach of untrained personnel.

Though the recommendations suggest these assessments be done using the NIST Cybersecurity Framework — a cybersecurity strategy guide intended to be flexible enough to cover any organization — the task force also suggests that NIST create a healthcare-focused guide.

“The advice in the Cybersecurity Framework is overwhelmingly focused on financially motivated actors taking or ransoming private data,” said Corman, “while healthcare has a different set of problems.”

Denial of service attacks — attacks aimed at rendering systems unusable — are a bigger problem for a hospital than for most businesses.

“An availability attack on hospital equipment could be fatal,” said Corman.

The report also takes aim at the government’s widely distributed system of regulating privacy and cybersecurity, with no single point

A variety of agencies ranging from Health and Human Services and the Federal Trade Commission to the Occupational Health and Safety Administration and Securities and Exchange Commission all regulate different aspects of healthcare.

Having a single official to centralize efforts could simplify the process for businesses.

The Task Force recommends that healthcare providers take on the seemingly herculean task of modernizing systems. Though up-to-date equipment is critical to preventing cyberattacks, healthcare creates unique impediments for updating systems.

The lifecycle of medical equipment can be as many as two decades long — meaning that 10- to 20-year-old systems would have to be compatible with any upgrade to systems. That is not always possible, meaning that upgrading any one component of a health provider’s arsenal might also require upgrading another.

Corman says there are a variety of funding methods the government or even the private sector could look at, including a “cash-for-clunkers” trade-in program.

“The truth is, a number of solutions may be required,” said Corman.

The Task Force also makes recommendations concerning how internet-connected medical devices, including personal devices like pacemakers and insulin pumps, are sold.

Nearly all commercially available software and hardware make use of prewritten software modules or operating systems.

Over time, security vulnerabilities grow in those prewritten software products. While the original programmers usually release updates correcting those flaws, that does not mean the products using that software implement those updates.

One solution, writes the Task Force, is to ship all devices with a software bill of materials — a manifest of which versions of what software are incorporated into a product.

It would ensure that users at least know which modules to update and allow them to seek out workarounds for problems when updates are not available.
